Add feature to shorten Lax-allow-unsafe time thresold for tests

This change adds a base::Feature which can be enabled via command line for integration tests to lower the age threshold for Lax-allow-unsafe cookies from 2 minutes to 10 seconds, to avoid having tests that run for 2 minutes in order to test behavior after Lax-allow-unsafe expires. Bug: 1007489 Change-Id: I7ecc29f1ad970e391a8cf8abae220fed292877a0 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1833705Reviewed-by: Maks Orlovich <morlovich@chromium.org> Commit-Queue: Lily Chen <chlily@chromium.org> Cr-Commit-Position: refs/heads/master@{#702169}

Add feature to shorten Lax-allow-unsafe time thresold for tests
This change adds a base::Feature which can be enabled via command line for integration tests to lower the age threshold for Lax-allow-unsafe cookies from 2 minutes to 10 seconds, to avoid having tests that run for 2 minutes in order to test behavior after Lax-allow-unsafe expires. Bug: 1007489 Change-Id: I7ecc29f1ad970e391a8cf8abae220fed292877a0 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1833705Reviewed-by: Maks Orlovich <morlovich@chromium.org> Commit-Queue: Lily Chen <chlily@chromium.org> Cr-Commit-Position: refs/heads/master@{#702169}
fcddec67 · Lily Chen · Commit Bot · 78359987 · fcddec67 · fcddec67
Commit fcddec67 authored Oct 02, 2019 by Lily Chen Committed by Commit Bot Oct 02, 2019
5 changed files
--- a/net/base/features.cc
+++ b/net/base/features.cc
@@ -54,6 +54,9 @@ const base::Feature kSameSiteByDefaultCookies{
 const base::Feature kCookiesWithoutSameSiteMustBeSecure{
    "CookiesWithoutSameSiteMustBeSecure", base::FEATURE_DISABLED_BY_DEFAULT};

+const base::Feature kShortLaxAllowUnsafeThreshold{
+    "ShortLaxAllowUnsafeThreshold", base::FEATURE_DISABLED_BY_DEFAULT};
+
 #if BUILDFLAG(BUILTIN_CERT_VERIFIER_FEATURE_SUPPORTED)
 const base::Feature kCertVerifierBuiltinFeature{
    "CertVerifierBuiltin", base::FEATURE_DISABLED_BY_DEFAULT};

--- a/net/base/features.h
+++ b/net/base/features.h
@@ -83,6 +83,15 @@ NET_EXPORT extern const base::Feature kSameSiteByDefaultCookies;
 // SameSiteByDefaultCookies is also enabled.
 NET_EXPORT extern const base::Feature kCookiesWithoutSameSiteMustBeSecure;

+// When enabled, the time threshold for Lax-allow-unsafe cookies will be lowered
+// from 2 minutes to 10 seconds. This time threshold refers to the age cutoff
+// for which cookies that default into SameSite=Lax, which are newer than the
+// threshold, will be sent with any top-level cross-site navigation regardless
+// of HTTP method (i.e. allowing unsafe methods). This is a convenience for
+// integration tests which may want to test behavior of cookies older than the
+// threshold, but which would not be practical to run for 2 minutes.
+NET_EXPORT extern const base::Feature kShortLaxAllowUnsafeThreshold;
+
 #if BUILDFLAG(BUILTIN_CERT_VERIFIER_FEATURE_SUPPORTED)
 // When enabled, use the builtin cert verifier instead of the platform verifier.
 NET_EXPORT extern const base::Feature kCertVerifierBuiltinFeature;

--- a/net/cookies/canonical_cookie.cc
+++ b/net/cookies/canonical_cookie.cc
@@ -47,12 +47,14 @@
 #include <sstream>
 #include <utility>

+#include "base/feature_list.h"
 #include "base/format_macros.h"
 #include "base/logging.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/strings/strcat.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
+#include "net/base/features.h"
 #include "net/base/url_util.h"
 #include "net/cookies/cookie_util.h"
 #include "net/cookies/parsed_cookie.h"
@@ -709,13 +711,17 @@ bool CanonicalCookie::IsCookiePrefixValid(CanonicalCookie::CookiePrefix prefix,
 }

 CookieEffectiveSameSite CanonicalCookie::GetEffectiveSameSite() const {
+  base::TimeDelta lax_allow_unsafe_threshold_age =
+      base::FeatureList::IsEnabled(features::kShortLaxAllowUnsafeThreshold)
+          ? kShortLaxAllowUnsafeMaxAge
+          : kLaxAllowUnsafeMaxAge;
  switch (SameSite()) {
    // If a cookie does not have a SameSite attribute, the effective SameSite
    // mode depends on the SameSiteByDefaultCookies setting and whether the
    // cookie is recently-created.
    case CookieSameSite::UNSPECIFIED:
      return cookie_util::IsSameSiteByDefaultCookiesEnabled()
-                 ? (IsRecentlyCreated(kLaxAllowUnsafeMaxAge)
+                 ? (IsRecentlyCreated(lax_allow_unsafe_threshold_age)
                        ? CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE
                        : CookieEffectiveSameSite::LAX_MODE)
                 : CookieEffectiveSameSite::NO_RESTRICTION;

--- a/net/cookies/cookie_constants.cc
+++ b/net/cookies/cookie_constants.cc
@@ -11,6 +11,8 @@
 namespace net {

 const base::TimeDelta kLaxAllowUnsafeMaxAge = base::TimeDelta::FromMinutes(2);
+const base::TimeDelta kShortLaxAllowUnsafeMaxAge =
+    base::TimeDelta::FromSeconds(10);

 namespace {


--- a/net/cookies/cookie_constants.h
+++ b/net/cookies/cookie_constants.h
@@ -15,6 +15,8 @@ namespace net {
 // The time threshold for considering a cookie "short-lived" for the purposes of
 // allowing unsafe methods for unspecified-SameSite cookies defaulted into Lax.
 NET_EXPORT extern const base::TimeDelta kLaxAllowUnsafeMaxAge;
+// The short version of the above time threshold, to be used for tests.
+NET_EXPORT extern const base::TimeDelta kShortLaxAllowUnsafeMaxAge;

 enum CookiePriority {
  COOKIE_PRIORITY_LOW     = 0,